package com.ctrip.ibu.permissions.security.security;


import com.ctrip.ibu.permissions.common.exception.BaseException;
import com.ctrip.ibu.permissions.security.http.HttpRequestWrapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Access control by path.
 *
 * @author r.shi 2020/03/12 17:12
 */
@Slf4j
public class AclAfterAuthenticationFilter extends OncePerRequestFilter {

    @Autowired
    AclRule aclRule;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException{
        HttpRequestWrapper requestWrapper = new HttpRequestWrapper(request);
        if (!aclRule.accept(requestWrapper)) {
            throw new BaseException( "Access is denied!", HttpStatus.FORBIDDEN);
        }

        filterChain.doFilter(requestWrapper, response);
    }



}
